Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,643
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 3,421 - 3,440 of 40,623 CVEs
CVE-2026-52196 HIGH - 7.5

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component

Published: Jun 30, 2026
Source: NVD
CVE-2026-50254 HIGH - 7.5

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it.

Vendor: OFFIS DICOM
Product: DCMTK Toolkit
Published: Jun 30, 2026
Source: NVD
CVE-2026-50003 CRITICAL - 9.8

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.

Vendor: OFFIS DICOM
Product: DCMTK Toolkit
Published: Jun 30, 2026
Source: NVD
CVE-2026-37106 CRITICAL - 9.8

An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default fea...

Published: Jun 30, 2026
Source: NVD
CVE-2026-35505 HIGH - 7.5

An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.

Vendor: OFFIS DICOM
Product: DCMTK Toolkit
Published: Jun 30, 2026
Source: NVD
CVE-2026-11541 HIGH - 7.4

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.

Vendor: IBM
Product: WebSphere Application Server, WebSphere Application Server - Liberty
Published: Jun 30, 2026
Source: NVD
CVE-2026-10585 MEDIUM - 5.4

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The AnsweredQuestionStru...

Vendor: GitHub
Product: Enterprise Server
Published: Jun 30, 2026
Source: NVD
CVE-2026-9132 MEDIUM - 6.5

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to read source code from private repositories they did not have access to. The Copilot pull request description diff summary endpoint accepted a cross-repository comparison range an...

Vendor: github
Product: enterprise_server
Published: Jun 30, 2026
Source: NVD
CVE-2026-9106 MEDIUM - 5.5

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directi...

Vendor: github
Product: enterprise_server
Published: Jun 30, 2026
Source: NVD
CVE-2026-44628 HIGH - 7.5

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.

Vendor: OFFIS DICOM
Product: DCMTK Toolkit
Published: Jun 30, 2026
Source: NVD
CVE-2026-13207 HIGH - 7.5

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefi...

Vendor: Frangoteam
Product: FUXA SCADA/HMI
Published: Jun 30, 2026
Source: NVD
CVE-2026-11594 HIGH - 8.5

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console.

Vendor: IBM
Product: WebSphere Application Server
Published: Jun 30, 2026
Source: NVD

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface.ย  An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web ...

Vendor: TP-Link Systems Inc.
Product: Archer AX20 V2.0
Published: Jun 30, 2026
Source: NVD
CVE-2025-36359 HIGH - 8.1

IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system.

Vendor: IBM
Product: DevOps Automation, DevOps Loop
Published: Jun 30, 2026
Source: NVD
CVE-2025-36336 MEDIUM - 5.9

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Vendor: IBM
Product: watsonx.data intelligence
Published: Jun 30, 2026
Source: NVD
CVE-2025-36333 MEDIUM - 4.3

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow.

Vendor: IBM
Product: watsonx.data intelligence
Published: Jun 30, 2026
Source: NVD
CVE-2025-36328 MEDIUM - 4.3

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.ย  This information could be used in further attacks against the system.

Vendor: IBM
Product: watsonx.data intelligence
Published: Jun 30, 2026
Source: NVD
CVE-2025-36327 MEDIUM - 6.5

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.

Vendor: IBM
Product: watsonx.data intelligence
Published: Jun 30, 2026
Source: NVD
CVE-2025-36324 MEDIUM - 4.3

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Vendor: IBM
Product: watsonx.data intelligence
Published: Jun 30, 2026
Source: NVD
CVE-2025-36323 MEDIUM - 5.4

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses...

Vendor: IBM
Product: watsonx.data intelligence
Published: Jun 30, 2026
Source: NVD